This is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you.
Please read LAMP Howto article first.
To install such a system you will need the following:
Boot from your Fedora 13 DVD. Select
Install or upgrade an existing system. It can take a long time to test the installation media so skip this test. The welcome screen of the Fedora installer appears.
Next. Choose your language, your keyboard layout.
I assume that you use a locally attached hard drive, so you should select
Basic Storage Devices:
If you see the following message:
Error processing drive: /dev/sda. This device may need to be reinitialized. REINITIALIZING WILL CAUSE ALL DATA TO BE LOST!, click on
Fill in the hostname of the server:
server1.example.com. Choose your time zone. Give
root user a password.
Now you have to partition your hard disk. Please consider the partitioning guidelines from my previous article. Afterwards, your new partitions are created and formatted.
Now select the software to install. Uncheck
Graphical Desktop and check
Web server instead. Then check
Customize now. Afterwards, select the additional repositories
Fedora 13 - x86_64 and
Fedora 13 - x86_64 - Updates (if you are on an i386 system, the names are probably
Fedora 13 - i386 and
Fedora 13 - i386 - Updates).
As the last two repositories need an Internet connection, a new window pops up where you have to configure your network card. Select
Enable IPv4 support, but disable
Use dynamic IP configuration (DHCP). Then, give your network card a static IP address and netmask (in this tutorial I'm using the IP address
192.168.100.250 and netmask
255.255.255.0 for demonstration purposes). Fill in your gateway (e.g.
192.168.100.253) and one nameserver (e.g.
The details for the last two repositories should now be retrieved, and the checkboxes in front of them should be marked. Click on
Now select the package groups to install. Select
DNS Name Server,
Server Configuration Tools,
System Tools. Unselect all other package groups and click on
The installation begins. This will take a few minutes.
Finally, the installation is complete, and you can remove your DVD and reboot the server.
After the reboot, the following screen appears:
If you did not configure your network card during the installation, you can do that now by selecting
Network configuration and then
Device configuration. Select your network interface (usually
eth0), then fill in your network details - disable DHCP and fill in a static IP address, a netmask, and your gateway, then hit
Ok. Next select
Save. Regardless of whether you configured your network connection during the installation or just now, you can specify nameservers (during the initial installation you could fill in just one nameserver). Select
DNS configuration, fill in additional nameservers and hit
Save&Quit and leave the
Choose a Tool window by selecting
You can run
ifconfig to check if the installer got your IP address right.
Now I disable Fedora's
NetworkManager and enable normal networking.
NetworkManager is good for desktops where network connections can change (e.g. LAN vs. WLAN), but on a server you usually don't change network connections:
chkconfig NetworkManager off chkconfig --levels 35 network on /etc/init.d/network restart
/etc/resolv.conf if it lists all previously configured nameservers:
If nameservers are missing, run
system-config-network and add the missing nameservers again.
/etc/hosts and make it look like this:
127.0.0.1 localhost.localdomain localhost 192.168.100.250 server1.example.com server1 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
It is important that you add a line for
server1.example.com and remove
server1 from the
SELinux is a security extension of Fedora that should provide extended security. In my opinion it usually causes more problems than advantages; therefore I disable it.
/etc/selinux/config and set
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
Afterwards, reboot the system.
Update the existing packages on the system:
and install these software packages:
yum groupinstall 'Development Tools' yum groupinstall 'Development Libraries'
Quota setup depends on your partition schema. You must adjust these instructions so that quota applies to the partitions where you need it.
To install quota, run this command:
yum install quota
/etc/fstab and add
,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the
/ partition (
/dev/mapper/vg_server1-lv_root) and all the other partitions where users have the write access:
# # /etc/fstab # Created by anaconda on Mon May 31 16:25:30 2010 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/vg_server1-lv_root / ext4 defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 1 1 UUID=732ef9e2-879b-4196-a9e4-95402cf29505 /boot ext4 defaults 1 2 /dev/mapper/vg_server1-lv_swap swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0
touch /aquota.user /aquota.group chmod 600 /aquota.* mount -o remount / quotacheck -avugm quotaon -avug
to enable quota.
This can all be installed with one single command:
yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpMyAdmin
yum install dovecot dovecot-mysql rm -fr /usr/lib/dovecot/ ln -s /usr/lib64/dovecot/ /usr/lib/dovecot
Create the system startup links for Dovecot:
chkconfig --levels 235 dovecot on /etc/init.d/dovecot start
yum install postfix
Turn off Sendmail and start Postfix and MySQL:
chkconfig --levels 235 mysqld on /etc/init.d/mysqld start chkconfig --levels 235 sendmail off chkconfig --levels 235 postfix on /etc/init.d/sendmail stop /etc/init.d/postfix start
yum install getmail
Set passwords for the MySQL root account by running
[root@server1 ~]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): **<-- ENTER** OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation. Set root password? [Y/n] **<-- ENTER** New password: **<-- yourrootsqlpassword** Re-enter new password: **<-- yourrootsqlpassword** Password updated successfully! Reloading privilege tables.. ... Success! By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] **<-- ENTER** ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] **<-- ENTER** ... Success! By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] **<-- ENTER** - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] **<-- ENTER** ... Success! Cleaning up... All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL! [root@server1 ~]#
Now configure phpMyAdmin by editing
/etc/httpd/conf.d/phpMyAdmin.conf. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the
# phpMyAdmin - Web based MySQL browser written in php # # Allows only localhost by default # # But allowing phpMyAdmin to anyone other than localhost should be # considered dangerous unless properly secured by SSL Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin #<Directory /usr/share/phpMyAdmin/> # order deny,allow # deny from all # allow from 127.0.0.1 # allow from ::1 #</Directory> # This directory does not require access over HTTP - taken from the # original phpMyAdmin upstream tarball # <Directory /usr/share/phpMyAdmin/libraries> Order Deny,Allow Deny from All Allow from None </Directory> # This configuration prevents mod_security at phpMyAdmin directories from # filtering SQL etc. This may break your mod_security implementation. # #<IfModule mod_security.c> # <Directory /usr/share/phpMyAdmin> # SecRuleInheritance Off # </Directory> #</IfModule>
Then create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on /etc/init.d/httpd start
Now you can direct your browser to
http://192.168.0.100/phpmyadmin/ and log in with the user name
root and your new root MySQL password.
Run the following command:
yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql
When ClamAV is installed, a cron job gets installed that tries to update the ClamAV virus database every three hours. This works only if it is enabled it in
Comment out the
FRESHCLAM_DELAY line at the end:
## When changing the periodicity of freshclam runs in the crontab, ## this value must be adjusted also. Its value is the timespan between ## two subsequent freshclam runs in minutes. E.g. for the default ## ## | 0 */3 * * * ... ## ## crontab line, the value is 180 (minutes). # FRESHCLAM_MOD= ## A predefined value for the delay in seconds. By default, the value is ## calculated by the 'hostid' program. This predefined value guarantees ## constant timespans of 3 hours between two subsequent freshclam runs. ## ## This option accepts two special values: ## 'disabled-warn' ... disables the automatic freshclam update and ## gives out a warning ## 'disabled' ... disables the automatic freshclam silently # FRESHCLAM_DELAY= ### !!!!! REMOVE ME !!!!!! ### REMOVE ME: By default, the freshclam update is disabled to avoid ### REMOVE ME: network access without prior activation #FRESHCLAM_DELAY=disabled-warn # REMOVE ME
Comment out the
[...] # Comment or remove the line below. #Example [...] Then we start freshclam, amavisd, and clamd ... sa-update chkconfig --levels 235 amavisd on chkconfig --levels 235 clamd.amavisd on /usr/bin/freshclam /etc/init.d/amavisd start /etc/init.d/clamd.amavisd start If `/etc/init.d/amavisd start` gives you the following error ... [root@server1 ~]# /etc/init.d/amavisd start Starting amavisd: Problem in Amavis::DB or Amavis::DB::SNMP code: BerkeleyDB needs compatible versions of libdb & db.h you have db.h version 4.8.26 and libdb version 4.8.30 Compilation failed in require at (eval 82) line 19. BEGIN failed--compilation aborted at (eval 82) line 19. [FAILED] [root@server1 ~]# ... you must downgrade db4: yum downgrade db4*
Then try to start
Finally change the ownership of some directories:
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db rm -f /var/spool/amavisd/clamd.sock mkdir /var/run/clamav.amavisd /var/run/clamd.amavisd chown amavis /var/run/clamav.amavisd chown amavis /var/run/clamd.amavisd ln -sf /var/spool/amavisd/clamd.sock /var/run/clamav.amavisd/clamd.sock ln -sf /var/spool/amavisd/clamd.sock /var/run/clamd.amavisd/clamd.sock /etc/init.d/clamd.amavisd restart
Install Apache2 with
mod_fcgid, and PHP5 as follows:
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel
... and change the error reporting (so that notices aren't shown any longer) and add
cgi.fix_pathinfo = 1 at the end of the file:
[...] ;error_reporting = E_ALL & ~E_DEPRECATED error_reporting = E_ALL & ~E_NOTICE [...] cgi.fix_pathinfo = 1
Next install suPHP:
cd /tmp wget http://www.suphp.org/download/suphp-0.7.1.tar.gz tar xvfz suphp-0.7.1.tar.gz cd suphp-0.7.1/ ./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs \ --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi \ --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes make make install
Then add the suPHP module to the Apache configuration (edit
LoadModule suphp_module modules/mod_suphp.so
... and create the file
/etc/suphp.conf as follows:
Add the ofllowing content:
[global] ;Path to logfile logfile=/var/log/httpd/suphp.log ;Loglevel loglevel=info ;User Apache is running as webserver_user=apache ;Path all scripts have to be in docroot=/ ;Path to chroot() to before executing script ;chroot=/mychroot ; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=false ;PATH environment variable env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID min_uid=100 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi" ;Handler for CGI-scripts x-suphp-cgi="execute:!self"
Finally, restart Apache:
PureFTPd can be installed with the following command:
yum install pure-ftpd
Then create the system startup links and start PureFTPd:
chkconfig --levels 235 pure-ftpd on /etc/init.d/pure-ftpd start
Install BIND as follows:
yum install bind bind-utils
Then create the startup links:
chkconfig --levels 235 named on
Don't start BIND now because it must be configured first - this will be done automatically by the ISPConfig 3 installer later on.
Vlogger and webalizer can be installed as follows:
yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder cd /tmp wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz tar xvfz vlogger-1.3.tar.gz mv vlogger-1.3/vlogger /usr/sbin/ rm -rf vlogger*
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards):
cd /tmp wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz tar xvfz jailkit-2.11.tar.gz cd jailkit-2.11 ./configure make make install cd .. rm -rf jailkit-2.11*
This is optional but recommended, because the ISPConfig monitor tries to show the log:
yum install fail2ban chkconfig --levels 235 fail2ban on /etc/init.d/fail2ban start
yum install rkhunter
To install the SquirrelMail webmail client, run ...
yum install squirrelmail
... and restart Apache:
Then configure SquirrelMail:
SquirrelMail must be configured to use Courier-IMAP/-POP3:
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> **<-- D**
SquirrelMail Configuration : Read: config.php --------------------------------------------------------- While we have been building SquirrelMail, we have discovered some preferences that work better with some servers that don't work so well with others. If you select your IMAP server, this option will set some pre-defined settings for that server. Please note that you will still need to go through and make sure everything is correct. This does not change everything. There are only a few settings that this will change. Please select your IMAP server: bincimap = Binc IMAP server courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of Washington's IMAP server gmail = IMAP access to Google mail (Gmail) accounts quit = Do not change anything Command >> **<-- dovecot**
SquirrelMail Configuration : Read: config.php --------------------------------------------------------- While we have been building SquirrelMail, we have discovered some preferences that work better with some servers that don't work so well with others. If you select your IMAP server, this option will set some pre-defined settings for that server. Please note that you will still need to go through and make sure everything is correct. This does not change everything. There are only a few settings that this will change. Please select your IMAP server: bincimap = Binc IMAP server courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of Washington's IMAP server gmail = IMAP access to Google mail (Gmail) accounts quit = Do not change anything Command >> dovecot imap_server_type = dovecot default_folder_prefix = <none> trash_folder = Trash sent_folder = Sent draft_folder = Drafts show_prefix_option = false default_sub_of_inbox = false show_contain_subfolders_option = false optional_delimiter = detect delete_folder = false Press any key to continue... **<-- press a key**
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> **<--S**
SquirrelMail Configuration : Read: config.php (1.4.0) --------------------------------------------------------- Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults 4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP servers C Turn color off S Save data Q Quit Command >> **<--Q**
One last thing needed to do is modify the file
/etc/squirrelmail/config_local.php and comment out the
$default_folder_prefix variable - otherwise the following error message shows in SquirrelMail after logging in:
Query: CREATE "Sent" Reason Given: Invalid mailbox name.
<?php /** * Local config overrides. * * You can override the config.php settings here. * Don't do it unless you know what you're doing. * Use standard PHP syntax, see config.php for examples. * * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $ * @package squirrelmail * @subpackage config */ //$default_folder_prefix = ''; ?>
Now type in
http://192.168.100.250/webmail in browser to access SquirrelMail.
To install ISPConfig 3 from the latest released version, do this:
cd /tmp wget http://downloads.sourceforge.net/ispconfig/ISPConfig-22.214.171.124.tar.gz?use_mirror= tar xvfz ISPConfig-126.96.36.199.tar.gz cd ispconfig3_install/install/
The next step is to run
php -q install.php
This will start the ISPConfig 3 installer:
root@server1 install]# php -q install.php --------------------------------------------------------------------- _____ ___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_) | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | __/ | |___/ --------------------------------------------------------------------- >> Initial configuration Operating System: Redhat or compatible, unknown version. Following will be a few questions for primary configuration so be careful. Default values are in [brackets] and can be accepted with <ENTER>. Tap in "quit" (without the quotes) to stop the installer. Select language (en,de) [en]: **<-- ENTER** Installation mode (standard,expert) [standard]: **<-- ENTER** Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: **<-- ENTER** MySQL server hostname [localhost]: **<-- ENTER** MySQL root username [root]: **<-- ENTER** MySQL root password : **<-- yourrootsqlpassword** MySQL database to create [dbispconfig]: **<-- ENTER** MySQL charset [utf8]: **<-- ENTER** Generating a 2048 bit RSA private key ...................................................+++ .................+++ writing new private key to 'smtpd.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]: **<-- ENTER** State or Province Name (full name) : **<-- ENTER** Locality Name (eg, city) [Default City]: **<-- ENTER** Organization Name (eg, company) [Default Company Ltd]: **<-- ENTER** Organizational Unit Name (eg, section) : **<-- ENTER** Common Name (eg, your name or your server's hostname) : **<-- ENTER** Email Address : **<-- ENTER** Configuring Jailkit Configuring SASL Configuring PAM Configuring Dovecot Configuring Spamassassin Configuring Amavisd PHP Warning: copy(/etc/authlib/amavisd.conf~): failed to open stream: No such file or directory in /tmp/ispconfig3_install/install/dist/lib/fedora.lib.php on line 346 Configuring Getmail Configuring Pureftpd Configuring BIND Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Firewall Installing ISPConfig ISPConfig Port : **<-- ENTER** Configuring DBServer Installing Crontab no crontab for root no crontab for getmail Restarting services ... Stopping mysqld: [ OK ] Starting mysqld: [ OK ] Shutting down postfix: [ OK ] Starting postfix: [ OK ] Stopping saslauthd: [FAILED] Starting saslauthd: [ OK ] Waiting for the process  to terminate Waiting for the process  to terminate Daemon  terminated by SIGTERM Shutting down amavisd: [ OK ] amavisd stopped Starting amavisd: [ OK ] Stopping clamd.amavisd: [ OK ] LibClamAV Warning: ******************************************************* LibClamAV Warning: * This version of the ClamAV engine is outdated. * LibClamAV Warning: * DON'T PANIC! Read http://www.clamav.net/support/faq * LibClamAV Warning: ******************************************************* Starting clamd.amavisd: [ OK ] Stopping Dovecot Imap: [ OK ] Starting Dovecot Imap: [ OK ] Stopping httpd: [ OK ] [Mon May 31 18:04:46 2010] [warn] NameVirtualHost *:80 has no VirtualHosts Starting httpd: [ OK ] Stopping pure-ftpd: [ OK ] Starting pure-ftpd: [ OK ] Installation completed. [root@server1 install]#
The installer automatically configures all underlying services, so no manual configuration is needed.
Afterwards access ISPConfig 3 under
http://192.168.100.250:8080/. Log in with the username
admin and the password
admin (you should change the default password after your first login).
The system is now ready to be used. Enjoy.